Go back

Easily Publish Private Packages to AWS CodeArtifact via GitHub Actions Workflow

Published:  at  06:40 AM
Suggest Changes

You can seamlessly publish private packages to AWS CodeArtifact using GitHub Actions. This guide walks you through:

I’ve used the npm package for Node.js as an example in this article. This can be easily applied to other registries as well.

βš™οΈ Phase 1: Set Up AWS CodeArtifact (One-time setup)

1. Create a CodeArtifact Domain & Repository

  1. Go to AWS CodeArtifact Console.
  2. Create a Domain (e.g., netflix).
  3. Inside that domain, create a Repository (e.g., netflix-dev or netflix-prod). You can also create one for dev and prod.

2. Create an IAM Role for GitHub OIDC

Refer my previous blog on how to setup the base IAM role. Then, attach the following policies:

πŸ€– Phase 2: GitHub Actions Workflow

Here’s the minimal setup required to authenticate and publish your package.

πŸ” 1. Set AWS Credentials action step

- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    role-to-assume: arn:aws:iam::<account-id>:role/<role-name>
    role-duration-seconds: 3600
    aws-region: us-east-1
    role-session-name: github-actions-codeartifact

πŸ”‘ 2. Setup AWS CodeArtifact & .npmrc

This step creates a ⁠.npmrc file at the project root. Alternatively, you can create one at the home root by naming it ⁠~/.npmrc.

- name: Setup AWS CodeArtifact
  run: |
    export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \
      --domain cb-artifactory \
      --domain-owner <account-id> \
      --query authorizationToken \
      --output text)

    export ARTIFACTORY_PUBLISH_URL=https://cb-artifactory-<account-id>.d.codeartifact.us-east-1.amazonaws.com/npm/<repository>
    
    echo "registry=$ARTIFACTORY_PUBLISH_URL/" > .npmrc
    echo "//$(echo $ARTIFACTORY_PUBLISH_URL | sed 's|https://||')/:_authToken=$CODEARTIFACT_AUTH_TOKEN" >> .npmrc

πŸš€ 3. Publish Package

Finally, publish the package. Nothing fancy.

- name: Publish SDK
  run: npm publish

Setting up a root registry file, such as an npmrc, will change the publish command for other registries.

You can view the complete GitHub Action workflow here: πŸ‘‰ GitHub Action Workflow Gist

Suggest Changes
Share this post on:
Share this post via WhatsApp Share this post on Facebook Share this post on X Share this post via Telegram Share this post on Pinterest Share this post via email
Previous Post
Fact Series β€” How the Blog Got Its Name?
Next Post
Creating an AWS IAM Role with GitHub as a Web Identity Provider